Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Flaws in self-encrypting SSDs let attackers bypass disk encryption

05 Nov 2018   #1
Brink

64-bit Windows 10 Pro
 
 
Flaws in self-encrypting SSDs let attackers bypass disk encryption

Quote:
Researchers at Radboud University in the Netherlands have revealed today vulnerabilities in some solid-state drives (SSDs) that allow an attacker to bypass the disk encryption feature and access the local data without knowing the user-chosen disk encryption password.

The vulnerabilities only affect SSD models that support hardware-based encryption, where the disk encryption operations are carried out via a local built-in chip, separate from the main CPU.

Such devices are also known as self-encrypting drives (SEDs) and have become popular in recent years after software-level full disk encryption was proven vulnerable to attacks where intruders would steal the encryption password from the computer's RAM.

But in a new academic paper published today, two Radboud researchers, Carlo Meijer and Bernard van Gastel, say they've identified vulnerabilities in the firmware of SEDs.

These vulnerabilities affect "ATA security" and "TCG Opal," two specifications for the implementation of hardware-based encryption on SEDs.

The two say that the SEDs they've analyzed, allowed users to set a password that decrypted their data, but also came with support for a so-called "master password" that was set by the SED vendor...


Read more: Flaws in self-encrypting SSDs let attackers bypass disk encryption | ZDNet


My System SpecsSystem Spec
.
05 Nov 2018   #2
F22 Simpilot

Windows 7 Ultimate x64
 
 

Unreal. Never trust propitiatory encryption.
My System SpecsSystem Spec
05 Nov 2018   #3
Brds7t7

Windows 7 Pro & Ultimate, Windows 8.1 Pro, Linux Mint 19 Cinnamon (All 64-Bit)
 
 

I'm wondering when this was discovered? I use 2 Samsung EVO 850s, and a Crucial MX300.

The article states "Both SSD vendors whose products they've tested --Crucial (Micron) and Samsung-- have released firmware updates to address the reported flaws."

I don't recall either of them having firmware updates for the last few months. I think it's been at least 6 months since the EVOs had firmware updates.
My System SpecsSystem Spec
.

Reply

 Flaws in self-encrypting SSDs let attackers bypass disk encryption




Thread Tools




Similar help and support threads
Thread Forum
bypass login screen w/o password or recovery disk
My hp pavilion dv4 how can I bypass Windows startup login password screen Or how can I reset administrator. Password w/o disk and how can I use command prompts when can't get pass login screen
General Discussion
encryption & dynamic disk
I have Home premium windows 7 and I don't think I can do encryption or dynamic disk? I have Vista Ultimate which I can do but don't think I can with premium windows 7 but don't know?
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 09:02.
Twitter Facebook Google+